> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, June 29, 2017 12:35 PM
> To: Doherty, Declan <declan.dohe...@intel.com>;
> zbigniew.bo...@caviumnetworks.com;
> jerin.ja...@caviumnetworks.com; akhil.go...@nxp.com; hemant.agra...@nxp.com;
> Trahe, Fiona
> <fiona.tr...@intel.com>; Griffin, John <john.grif...@intel.com>; Jain, Deepak
> K
> <deepak.k.j...@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.gua...@intel.com>
> Subject: [PATCH v3 00/26] Crypto operation restructuring
>
> This patchset attempts to correct and improve the current crypto operation
> (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
> shrinking their sizes to fit both structures into two 64-byte cache lines
> (with extra space for the IV and other user data) as one of the goals.
>
> It also introduces new AEAD algorithm specific parameters,
> to simplify its setup with a single transform, instead of a concatenation
> of a cipher and an authentication transform.
>
> The following changes are made:
>
> In rte_crypto_op:
>
> - Moved session type (with session/sessionless) from symmetric op to crypto
> op,
> as this could be used for other types
>
> - Combined operation type, operation status and session type into a 64-bit
> flag (each one taking 1 byte),
> instead of having enums taking 4 bytes each
>
> - Removed opaque data from crypto operation, as private data can be allocated
> just after the symmetric (or other type) crypto operation
>
> - Modified symmetric operation pointer to zero-array, as the symmetric op
> should be always after the
> crypto operation
>
> - Removed unnecessary cache alignment
>
> In rte_crypto_sym_xform:
>
> - Added IV length and offset in sym_xform, so these will be fixed for all the
> operations in a session
>
> - Added a new AEAD transform
>
> - Added IV for authentication and AEAD transforms
>
> - Removed AAD length from authentication transform, as it is only used for
> AEAD algorithms
>
> In rte_crypto_sym_op:
>
> - Removed IV parameters, which will be only in the session.
>
> - Added AEAD specific parameters.
>
> - Create union with the new AEAD parameters and the cipher/authentication
> parameters,
> as the three cannot be used at the same time
>
> - Removed digest length from sym crypto op, so this length will be fixed for
> all the operations in a
> session
>
> - Removed AAD length from sym crypto op, so this length will be fixed for all
> operations in a session
>
> - Removed AAD from authentication structure, as it is only used for AEAD
> algorithms
>
> - Added zero-array at the end of sym crypto op to be used to get extra
> allocated memory (IV + other
> user data)
>
>
> In terms of algorithm usage:
>
> - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure
>
> - AES GMAC will be an authentication only algorithm, using the source buffer
> directly, instead of AAD
> field
>
> - Wireless algorithms (like SNOW3G) do not use AAD field for authentication
> IV anymore, as this is
> available now.
>
>
> Finally, a comparison between the previous operation and the new operation:
>
> Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes)
> structures:
>
> struct rte_crypto_op {
> enum rte_crypto_op_type type;
> enum rte_crypto_op_status status;
> struct rte_mempool *mempool;
> phys_addr_t phys_addr;
> void *opaque_data;
> union {
> struct rte_crypto_sym_op *sym;
> };
> } __rte_cache_aligned;
>
> struct rte_crypto_sym_op {
> struct rte_mbuf *m_src;
> struct rte_mbuf *m_dst;
>
> enum rte_crypto_sym_op_sess_type sess_type;
>
> RTE_STD_C11
> union {
> struct rte_cryptodev_sym_session *session;
> struct rte_crypto_sym_xform *xform;
> };
>
> struct {
> struct {
> uint32_t offset;
> uint32_t length;
> } data;
>
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> uint16_t length;
> } iv;
> } cipher;
>
> struct {
> struct {
> uint32_t offset;
> uint32_t length;
> } data;
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> uint16_t length;
> } digest; /**< Digest parameters */
>
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> uint16_t length;
> } aad;
>
> } auth;
> } __rte_cache_aligned;
>
>
> New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:
>
> struct rte_crypto_op {
> uint64_t type: 8;
> uint64_t status: 8;
> uint64_t sess_type: 8;
>
> struct rte_mempool *mempool;
>
> phys_addr_t phys_addr;
>
> RTE_STD_C11
> union {
> struct rte_crypto_sym_op sym[0];
> };
> } __rte_cache_aligned;
>
>
> struct rte_crypto_sym_op {
> struct rte_mbuf *m_src;
> struct rte_mbuf *m_dst;
>
> union {
> struct rte_cryptodev_sym_session *session;
> /**< Handle for the initialised session context */
> struct rte_crypto_sym_xform *xform;
> /**< Session-less API Crypto operation parameters */
> };
>
> union {
> struct {
> struct {
> uint32_t offset;
> uint32_t length;
> } data; /**< Data offsets and length for AEAD */
>
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> } digest; /**< Digest parameters */
>
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> } aad;
> /**< Additional authentication parameters */
> } aead;
>
> struct {
> struct {
> struct {
> uint32_t offset;
> uint32_t length;
> } data; /**< Data offsets and length for ciphering */
> } cipher;
>
> struct {
> struct {
> uint32_t offset;
> uint32_t length;
> } data;
> /**< Data offsets and length for authentication */
>
> struct {
> uint8_t *data;
> phys_addr_t phys_addr;
> } digest; /**< Digest parameters */
> } auth;
> };
> };
> };
>
> Changes in v3:
>
> - Removed unnecessary branch in test code
>
> - Removed unnecessary memcpy in perf application
>
> - Removed fix for QAT, which will be sent separated
>
> - Rebased against dpdk-next-crypto subtree
>
> Changes in v2:
>
> - Added AEAD structures
>
> - Added authentication IV (used for AES-GMAC and wireless algorithms)
>
> - Modified all applications with the changes
>
> - Modified all drivers with the changes
>
> - Moved AAD length to the crypto session
>
> - Rebased against latest dpdk-next-crypto
>
> - Added documentation changes
>
> Pablo de Lara (26):
> cryptodev: move session type to generic crypto op
> cryptodev: replace enums with 1-byte variables
> cryptodev: remove opaque data pointer in crypto op
> cryptodev: do not store pointer to op specific params
> cryptodev: remove useless alignment
> cryptodev: add crypto op helper macros
> test/crypto: move IV to crypto op private data
> test/crypto-perf: move IV to crypto op private data
> app/crypto-perf: move IV to crypto op private data
> examples/l2fwd-crypto: move IV to crypto op private data
> examples/ipsec-secgw: move IV to crypto op private data
> cryptodev: pass IV as offset
> cryptodev: move IV parameters to crypto session
> cryptodev: add auth IV
> cryptodev: do not use AAD in wireless algorithms
> cryptodev: remove AAD length from crypto op
> cryptodev: remove digest length from crypto op
> cryptodev: set AES-GMAC as auth-only algo
> cryptodev: add AEAD specific data
> cryptodev: add AEAD parameters in crypto operation
> examples/l2fwd-crypto: avoid too many tabs
> app/test-crypto-perf: add AEAD parameters
> examples/ipsec-secgw: add AEAD parameters
> examples/l2fwd-crypto: add AEAD parameters
> cryptodev: use AES-GCM/CCM as AEAD algorithms
> cryptodev: remove AAD from authentication structure
>
> app/test-crypto-perf/cperf_ops.c | 246 ++--
> app/test-crypto-perf/cperf_ops.h | 6 +-
> app/test-crypto-perf/cperf_options.h | 24 +-
> app/test-crypto-perf/cperf_options_parsing.c | 148 ++-
> app/test-crypto-perf/cperf_test_latency.c | 59 +-
> app/test-crypto-perf/cperf_test_throughput.c | 24 +-
> app/test-crypto-perf/cperf_test_vector_parsing.c | 67 +-
> app/test-crypto-perf/cperf_test_vectors.c | 140 ++-
> app/test-crypto-perf/cperf_test_vectors.h | 20 +-
> app/test-crypto-perf/cperf_test_verify.c | 25 +-
> app/test-crypto-perf/data/aes_cbc_128_sha.data | 2 +-
> app/test-crypto-perf/data/aes_cbc_192_sha.data | 2 +-
> app/test-crypto-perf/data/aes_cbc_256_sha.data | 2 +-
> app/test-crypto-perf/main.c | 61 +-
> doc/guides/prog_guide/cryptodev_lib.rst | 107 +-
> doc/guides/prog_guide/img/crypto_xform_chain.svg | 8 +-
> doc/guides/rel_notes/release_17_08.rst | 36 +
> doc/guides/sample_app_ug/ipsec_secgw.rst | 43 +-
> doc/guides/sample_app_ug/l2_forward_crypto.rst | 41 +-
> doc/guides/tools/cryptoperf.rst | 50 +-
> drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 260 +++--
> drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 32 +-
> drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 13 +-
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 +-
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +-
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 5 +
> drivers/crypto/armv8/rte_armv8_pmd.c | 26 +-
> drivers/crypto/armv8/rte_armv8_pmd_ops.c | 6 +-
> drivers/crypto/armv8/rte_armv8_pmd_private.h | 9 +-
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 87 +-
> drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 25 +-
> drivers/crypto/kasumi/rte_kasumi_pmd.c | 88 +-
> drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 5 +-
> drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 2 +
> drivers/crypto/null/null_crypto_pmd.c | 15 +-
> drivers/crypto/null/null_crypto_pmd_ops.c | 9 +-
> drivers/crypto/openssl/rte_openssl_pmd.c | 209 +++-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 103 +-
> drivers/crypto/openssl/rte_openssl_pmd_private.h | 14 +
> drivers/crypto/qat/qat_adf/qat_algs.h | 9 +
> drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 7 +-
> drivers/crypto/qat/qat_crypto.c | 341 ++++--
> drivers/crypto/qat/qat_crypto.h | 4 +
> drivers/crypto/qat/qat_crypto_capabilities.h | 82 +-
> drivers/crypto/snow3g/rte_snow3g_pmd.c | 79 +-
> drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 5 +-
> drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 2 +
> drivers/crypto/zuc/rte_zuc_pmd.c | 63 +-
> drivers/crypto/zuc/rte_zuc_pmd_ops.c | 7 +-
> drivers/crypto/zuc/rte_zuc_pmd_private.h | 2 +
> examples/ipsec-secgw/esp.c | 243 ++--
> examples/ipsec-secgw/ipsec.c | 1 -
> examples/ipsec-secgw/ipsec.h | 6 +-
> examples/ipsec-secgw/sa.c | 285 +++--
> examples/l2fwd-crypto/main.c | 721 +++++++++---
> lib/librte_cryptodev/rte_crypto.h | 37 +-
> lib/librte_cryptodev/rte_crypto_sym.h | 618 +++++-----
> lib/librte_cryptodev/rte_cryptodev.c | 71 +-
> lib/librte_cryptodev/rte_cryptodev.h | 90 +-
> lib/librte_cryptodev/rte_cryptodev_version.map | 4 +
> test/test/test_cryptodev.c | 1176
> ++++++++------------
> test/test/test_cryptodev.h | 6 +
> test/test/test_cryptodev_blockcipher.c | 41 +-
> test/test/test_cryptodev_gcm_test_vectors.h | 29 +-
> .../test/test_cryptodev_kasumi_hash_test_vectors.h | 16 +-
> test/test/test_cryptodev_kasumi_test_vectors.h | 20 +-
> test/test/test_cryptodev_perf.c | 673 +++++------
> .../test/test_cryptodev_snow3g_hash_test_vectors.h | 14 +-
> test/test/test_cryptodev_snow3g_test_vectors.h | 24 +-
> test/test/test_cryptodev_zuc_test_vectors.h | 38 +-
> 70 files changed, 4044 insertions(+), 2726 deletions(-)
>
> --
> 2.9.4
Acked-by: Fiona Trahe <fiona.tr...@intel.com>
